NodeJS + Express: How to secure a URL


Problem description

I am using latest versions of NodeJS and ExpressJS (for MVC).

I usually configure my rest paths like this, for example:

app.get('/archive', routes.archive);  

Now I want my /admin/* set of URLs to be secured, I mean I need just simple authentication, it's just a draft.

When a user tries to access, for example, /admin/posts, before sending him the corresponding view and data, I check for a req.session.authenticated. If it's not defined, I redirect to the login page.

Login page has a simple validation form, and a sign-in controller method: if user does send "right user" and "right password" I set the session variable and he's authenticated.

What I find difficult, or I don't understand, is how to actually make the "filter" code, I mean, the auth check, before every /admin/* path call.

Does this have something to do with "middleware" express functions?

Thank you

Solution

Yep, middleware is exactly what you want. A middleware function is just a function that works just like any other Express route handler, except it gets run before your actual route handler. You could, for example, do something like this:

function requireLogin(req, res, next) {
  if (req.session.loggedIn) {
    next(); // allow the next route to run
  } else {
    // require the user to log in
    res.redirect("/login"); // or render a form, etc.
  }
}

// Automatically apply the `requireLogin` middleware to all
// routes starting with `/admin`
app.all("/admin/*", requireLogin, function(req, res, next) {
  next(); // if the middleware allowed us to get here,
          // just move on to the next route handler
});

app.get("/admin/posts", function(req, res) {
  // if we got here, the `app.all` call above has already
  // ensured that the user is logged in
});

You could specify requireLogin as a middleware to each of the routes you want to be protected, instead of using the app.all call with /admin/*, but doing it the way I show here ensures that you can't accidentally forget to add it to any page that starts with /admin.
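The guard above together with the login step the question describes, as an added example that is not part of the original answer. It goes one step further than the answer by giving the session a new ID at login and by only accepting /admin/ paths as the post-login target. It assumes express-session semantics for `req.session.regenerate`; `verifyCredentials`, the `returnTo` session key, `fakeReq` and `fakeRes` are hypothetical names, and the credentials are constructed.

```javascript
// Added example. Guard from the answer, plus a strict check and a
// remembered target page. Assumes express-session semantics for req.session.
function requireLogin(req, res, next) {
  if (req.session && req.session.loggedIn === true) return next();
  if (req.session && req.method === "GET") req.session.returnTo = req.originalUrl;
  res.redirect("/login");
}

// Only paths under /admin/ are accepted as a post-login target.
const isAdminPath = (p) => typeof p === "string" && p.startsWith("/admin/");

// verifyCredentials(user, password) -> boolean is a hypothetical callback.
function makeLoginHandler(verifyCredentials) {
  return function login(req, res, next) {
    const { user, password } = req.body || {};
    if (!verifyCredentials(user, password)) return res.redirect("/login");
    const returnTo = req.session.returnTo;
    // New session ID at login, so a pre-login ID (session fixation) is never authenticated.
    req.session.regenerate(function (err) {
      if (err) return next(err);
      req.session.loggedIn = true;
      res.redirect(isAdminPath(returnTo) ? returnTo : "/admin/posts");
    });
  };
}

// Constructed stand-ins for req/res so the flow runs without a server.
let nextId = 1;
function fakeReq(method, url, body) {
  const req = { method, originalUrl: url, body };
  const fresh = () => ({ id: nextId++, regenerate(cb) { req.session = fresh(); cb(null); } });
  req.session = fresh();
  return req;
}
const fakeRes = () => ({ location: null, redirect(to) { this.location = to; } });

// One visitor: blocked, then logs in, then allowed.
function demo() {
  const login = makeLoginHandler((u, p) => u === "admin" && p === "constructed-password");
  const req = fakeReq("GET", "/admin/posts?page=2");
  const idBefore = req.session.id, blocked = fakeRes(), afterLogin = fakeRes();
  requireLogin(req, blocked, () => { throw new Error("anonymous request passed"); });
  Object.assign(req, { method: "POST", body: { user: "admin", password: "constructed-password" } });
  login(req, afterLogin, (e) => { throw e; });
  let allowed = false;
  requireLogin(req, fakeRes(), () => { allowed = true; });
  return { blocked: blocked.location, afterLogin: afterLogin.location, idChanged: req.session.id !== idBefore, allowed };
}
console.log(demo());
```

In a real app the two handlers would be wired as `app.all("/admin/*", requireLogin)` and a POST route for the login form, with the session middleware registered before both.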
